Existing methods for authentication of a user to a physical place or to a digital contents such as online account, banking account at an ATM station, online payment for products or services, or offline payment for products or services involving the user having a user credentials known to two parties; a provider and the user. A known method that is widely used is authentication using a user name and password known to an authentication system such as a server and to a user. On the other hand, some methods involving a user carrying a physical card such as an ID card or credit card with encoded information on magnetic or smart ship placed on the card.
Other methods that are used as an added security to a user name and password are a programmable digital devices such as a fobs. Other methods that are gaining popularity involve using a mobile gadgets such a phone, tablet, or other electronic devices with an embedded operating system as a method for authentication. Existing methods that utilize mobile gadgets use a mobile device to display static textual or encoded contents such as barcode image to be scanned by a another party with a scanning device in order to perform authentication.
Other applications that relay on mobile devices to perform authentication use Near Field Communication (NFC) technologies. Such application is known to exist in one or more forms of Digital Wallet Mobile Applications, an example of such application is Google Wallet Application. Other mobile applications relay on GPS technology to authenticate a user for one or more forms of earn and access loyalty rewards at merchant's. Such methods are known as check-ins. Existing techniques for authentication methods mentioned above have been relatively easy to circumvent.
Certain prior art for authentication methods involves a user having credentials known to two parties, a provider and a user. A known methods are widely used and relay on a known user name and password to authenticate a user to a system such as a server.
When an existing credentials are known to multiple parties, it is static, and it can be vulnerable to skilled thieves who can gain unauthorized access to, physical places, data, or contents. Static digital contents used for user authentication is known to be vulnerable to skilled hackers.
Certain prior art for authentication methods involves a user carrying a physical card such as an identification card or credit card with encoded information on a magnetic strip or smart ship placed on the card.
Encoding credentials contents on physical objects such credit cards or identification cards for the purpose of authentication are known to be insecure ways of authentication. In many instances, a user is asked to carry multiple forms of identification cards. Authentication requires another person equipped with credit card or identification card reader to read and verify credentials. It is always assumed that a carrier of a credit card or identification card is the authorized owner. A stolen or lost credit card or identification card is high risk for unauthorized access by a unauthorized person. In some cases, a known pin or password must be remembered as an additional security measure. This method for authentication is known to have a high security risk. In addition, data encoded on a physical card is static, and require save guarding by the providing party.
Certain prior art for authentication methods involves a programmed digital device such as a fob. Fobs require a one time programming. A fob device is a measure for added security only. On its own, a fob device is not a stand alone solution for authentication. Fob devices carry no communication, and if lost, it require a physical replacement.
Certain prior art for authentication methods involves using mobile gadgets such smart phone, tablet, or other electronic devices with an embedded operating system. Existing methods that utilize mobile gadgets use a mobile device to display static textual or encoded contents such as barcode images. Barcode images are scanned by a second party with a scanning device in order to perform authentication.
Existing technologies that utilize mobile gadgets such smart phones relay on assigning an ID to a mobile user, and encode that ID in a form of a barcode, QR Code, or other images using a mobile application. This method relays on a second party with a scanning device to scan the barcode image displayed on the user's mobile device.
The scanning device is used to decode data and initialize a request in order to authorize a user for a purpose of a transaction. This method relay on static authentication ID assigned to a user. This authentication process is initiated by one scanning device typical in a physical place like a store. It is vulnerable to fraud because static authentication data can be copied or shared among multiple users with mobile devices. A skilled hacker can gain access to the scanning device, and as result can collect authentication data belonging to plurality of users. The scanning device requires a dedicated secure line of communication. All authentications request is initiated by the scanning device on the same line of communication. A skilled hacker can intercept the single line dedicated for authentication request, and as a result gain access to authentication data belonging to plurality of users.
A static barcode, QR Code, or other forms of images that are displayed by a mobile application and assigned to a user for a purpose of authentication, can be compromised by a dishonest user taking a screen shot of the displayed image and distribute to multiple users.
The system in this case relay on the honesty of users. Example of current applications in the market that relay on QR Code and barcode as a form of authentication on a mobile payment systems are LevelUp.com, Starbucks Mobile Application, and SquareUp.com. Each user in this case is assigned a static ID encoded as a qr-code or barcode image. The barcode or QR Code image is displayed by user's mobile devices. When a user wishes to use this mobile payment method at a merchant, the user is required to scan the barcode or QR Code image displayed on the user's mobile device. The scanner device at the merchant communicates with an authentication server and carries on the authentication process.
There is a need in the market for a better technology to facilitate authentication using mobile devices for mobile users for wide spectrum of needs.